Prototype dropped cell defense for bad circuitIDs #74
Comments
|
See also #76, which also needs some CONN_BW fields to work properly. |
|
Florentin points out that creating a RELAY_DESTROY that is sent to the middle can help with the guard being malicious and not destroying the circuit. On the other hand, it makes the delay longer if the exit is sending dropped cells and the guard itself is not malicious but the local ISP is... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://gitlab.torproject.org/tpo/core/torspec/-/issues/45 - Cells on invalid circuit IDs can be sent after we close the circuit, IF the guard is malicious as well.
This is a relatively minor case at the moment - if the guard is malicious, you're in a great deal of trouble without padding. But, with padding, either ad-hoc or standardized, the situation changes a bit.
We should prototype this to get a little bit more of a handle on behavior. I am not sure closing the channel is great, especially if it can be adversarially induced. Prototyping will help us think about these things deeper.
We might be able to use BW events as a catch-all for this, similar to how we used CIRC_BW. That will allow us to defer behavior to the python, to respond in a more agile way.
This is also useful for padding experiments related to #43
See also https://gitlab.torproject.org/tpo/core/torspec/-/issues/39
The text was updated successfully, but these errors were encountered: